Professional Documents
Culture Documents
BT Business Broadband
with the BT Business Hub
www.btbroadbandoffice.com
Notice to users
Customers are advised to check and ensure that the use of BT Record the serial number in the space provided here
Share/Network is permitted by their broadband service provider and refer to it when you call the helpdesk.
and that any applicable consent or licences from landlords or
other third parties have been obtained before installing and
Serial Number:
operating this product. © British Telecommunications plc 2006.
Safety Information
The symbol shown here and on the product means that the product is classed
as Electrical or Electronic Equipment and should not be disposed with other household
or commercial waste at the end of it's working life
The Waste of Electrical and Electronic Equipment (WEEE) Directive (2002/96/EC) has been put in place
to recycle products using best available recovery and recycling techniques to minimise the impact on the
environment, treat any hazardous substances and avoid the increasing landfill.
• Use of an alternative power supply may damage the BT Business Hub, and will invalidate the
approval that accompanies it.
• To prevent fire or shock hazard, do not expose the BT Business Hub to rain or moisture.
• To avoid electrical shock, do not open the hub. Refer servicing to qualified personnel only.
• An electrical storm could damage the hub. To avoid this possibility, we recommend you
disconnect it from the mains power and telephone line during an electrical storm.
• Never install telephone sockets in wet locations unless the socket is specifically designed
for wet locations.
• Never touch uninsulated telephone wire or terminals unless the telephone line has been
disconnected at the network interface.
• Use caution when installing or modifying cable or telephone lines.
• Do not use the hub or a telephone to report a gas leak in the vicinity of the leak.
• Install the BT Business Hub within 1830mm of a mains socket. Use caution when laying
out the cable to avoid hazard to people walking near or using the equipment.
2
Contents
Introduction 4
Sample network using Small Business Server (SBS) 2003 5
Manually configure the BT Business Hub 5
Multiple Static IP address configuration 7
Configure the hub to support public network Static IP addressing manually 8
Assign the Static IP addresses to the local network via the BT Business Hub 9
Assign Static IP addresses to each network server manually 10
Assign Static IP addresses to each server via DHCP 11
Allow all inbound traffic to flow to the SBS 2003 13
Sample small-to-medium business network 14
Allow WAN traffic to flow to network servers 15
Allow all inbound traffic to flow to a specified server 15
Allow specific inbound ports to flow to a server 16
Edit advanced firewall settings 17
• Security settings
• Inbound and outbound control
• Attack detection
Resolve DNS entries 19
Summary 19
Appendix A: DHCP service 20
• Disable the BT Business Hub's DHCP service
• Use the BT Business Hub's DHCP service
3
Introduction
Specific sections of the document can be ignored if not applicable to the network
into which the BT Business Hub is being deployed.
4
Sample network using Small Business Server (SBS) 2003
The network described in this section includes SBS 2003 with two
Network Interface Cards (NICs). The SBS is providing DHCP service to the
Local Area Network (LAN) and is routing Internet-based network traffic
from the LAN to the Wide Area Network (WAN). Using a Public Network
Address of 217.46.146.192/29, the BT Business Hub is assigned the
217.46.146.198/29 address, and the SBS WAN-facing NIC is assigned
the 217.46.146.193/29 address.
The private LAN uses the 192.168.17.0/24
address, and the SBS LAN-facing NIC is
assigned the 192.168.17.2/24 address.
5
4. In the Key Code field, enter ‘528Y-2374-A222-22BJ-B2QA’
and click ‘Next’. ‘The Set Up Connection Info’ page opens
6
Multiple Static IP address configuration
7
Configure the hub to support public network Static
IP addressing manually
8
Assign Static IP addresses to the local network
via the BT Business Hub
9
Assign Static IP addresses to each network server manually
After the broadband connection has been • manually change the server TCP/IP settings
established and multiple Static IP addresses • manually change the computer's TCP/IP settings from
enabled, the VPN server, web server, and network 'Obtain an IP address automatically' to 'Use the following
server must be assigned Static IP addresses from the IP address'
available pool. To do this, use one of the following • select one of the usable static IP addresses. In this example,
the TCP/IP settings would be configured as follows:
3 methods:
10
Assign Static IP addresses to each server via DHCP
Check that the BT Business Hub-connected network interface for each server
is configured as a DHCP client (i.e. to ‘Obtain an IP address automatically’).
You can then assign the Static IP addresses directly to each server via DHCP.
To assign the Static IP addresses from the BT Business Hub:
11
5. To assign an available Static IP address to each server,
select the DHCP Fixed option from the list box next
to each server name. For this example, select the
following options:
Device IP Address
VPNSRV DHCP Fixed 208.35.230.193
WEBSRV DHCP Fixed 208.35.230.194
MASTERSRV DHCP Fixed 208.35.230.195
12
Allow all inbound traffic to flow to the SBS 2003
6. Click ‘DONE’
13
Sample small-to-medium business network
This sample is a multi-homed network server and provides DHCP service to the
Local Area Network (LAN) and routes Internet-based network traffic from the
LAN to the Wide Area Network (WAN). One of the server network interfaces is
connected to the LAN and the other is connected to a hardware firewall.
Firewall protection is provided by the network server operating system and is
applied to the WAN connected network interface. Alternatively, a specialised
hardware firewall might be installed between the BT Business Hub and the
WAN-connected network card in the network server.
Note: The configuration information listed in the following sections are examples ONLY.
Depending on your network setup, your actual settings (such as values for DNS and
IP addresses) may vary.
14
Allow WAN traffic to flow to network servers
In this example, all WAN traffic destined for the VPN server and the
network server will be allowed. Allowing all inbound traffic disables
the inbound port blocking feature of the BT Business Hub's firewall.
However, stateful packet inspection will still occur as the traffic passes
through the hub providing continued protection against Denial of
Service and other common Internet attacks.
In the case of the web server, the 'hosted application' feature of the BT
Business Hub will be used. This feature provides a quick and easy way
to allow specific types of unsolicited traffic through the BT Business
Hub firewall including traffic on TCP port 80 http.
6. Click ‘DONE’
To allow all traffic for network server, repeat the above steps selecting
MASTERSRV from the list of computers.
15
Allow specific inbound ports to flow to a server
7. Click ‘DONE’
16
Edit Advanced Firewall Settings
NOTE: These features should be used only if you are thoroughly familiar with
firewalls and networking.
Security Settings
The BT Business Hub firewall provides a high level of security.
You can configure the firewall to provide advanced security
features, including stealth mode, block pings, or strict UDP
session control.
Note: Allowing inbound traffic does not mean that the firewall automatically
allows this type of traffic to pass through the firewall to the network.
Even if a particular protocol/application type is allowed via the Advanced
Configuration settings, the firewall still checks and blocks all unsolicited
traffic from the Internet unless the firewall is configured to allow the
traffic through using an application profile.
17
Attack detection
The BT Business Hub provides a robust business-grade firewall You may need to disable one or more of the attack detection
to protect all devices on the local network. There are some capabilities for any device placed in the DMZplus. In this case,
applications and devices that require the use of specific data the third-party server provides the attack protection normally
ports through the firewall. The BT Business Hub allows users provided by the BT Business Hub.
to open the necessary ports through the firewall using the The following table lists the attacks for which the BT Business
Firewall Settings page. If the user requires that a computer Hub firewall filters continuously check.
has all incoming traffic available to it, this computer can
be set to the DMZplus mode. While in DMZplus mode, the To disable a specific attack detection capability, deselect the
computer is still protected against numerous broadband applicable checkbox and click ‘SAVE’.
attacks (such as SYN FLOOD, Invalid TCP flag attacks, etc.) Note: It is highly recommended that any computer in the DMZplus has its own
In rare cases, the incoming traffic may be inadvertently firewall protection. This applies for both single IP and dynamic service offerings.
blocked by the firewall (for example when integrating with
external third-party firewalls or VPN servers).
18
Resolve DNS entries
The BT Business Hub maintains a local DNS table so that one LAN device can
access other LAN devices by using the computer's network name. As LAN devices
are assigned IP addresses, the BT Business Hub populates its local DNS table,
which associates the computer name with an IP address.
To access the DNS Resolve table and manually add additional entries please see
the 'Resolve DNS entries' section in the Product Support Guide.
Summary
Configuration of the sample network is complete.
After completing the steps in this guide, the following network properties are in place:
• each server has been assigned its proper static IP address, either by manually configuring the
TCP/IP settings of the server or by assigning the address directly from the BT Business Hub
• both the VPN server and network server are receiving all inbound traffic destined for their
respective static IP address
• the web server is receiving only TCP port 80 inbound traffic for its static IP address
19
Appendix A: DHCP service
Disable the BT Business Hub
DHCP Service
20
To disable the BT Business Hub DHCP server:
5. In the ‘Router Address’ field, enter the IP address for the hub.
This address should be a part of your local network range but
must not be part of the DHCP address pool. In other words,
the BT Business Hub must have a local Static IP address that
does not change. In the example case, the IP address would
be 192.168.0.62
21
Use the BT Business Hub's DHCP service
The BT Business Hub has a built-in DHCP server that provides You can also configure a custom range of IP addresses.
IP addresses to any device on the local network. By default, the You must select the ‘ENABLE DHCP’ checkbox and click
BT Business Hub provides the following range of IP addresses: the ‘SAVE’ button to submit your changes.
If the default IP range is not suitable for your environment, 2. Make sure that the existing network DHCP server has
the BT Business Hub can also be set to provide the following been disabled
pre-configured IP address ranges:
3. Connect the remaining computers to the BT Business
172.16.x.x IP Range Hub, and release and renew the IP address to request
• IP Range 172.16.1.33 to 172.16.1.250 a new IP address from the BT Business Hub
• Subnet Mask 255.255.0.0
• Gateway 172.16.0.1 4. If any computers require Static IP, manually
• DNS 172.16.0.1 change the computer's TCP/IP settings to one
of the 1 to 32 IP addresses
10.x.x.x IP Range
• IP Range 10.0.1.33 to 10.0.1.250 5. Test connectivity to the Internet
• Subnet Mask 255.255.0.0
• Gateway 10.0.0.1
• DNS 10.0.0.1
22
Appendix B: The BT Business Hub's
inter-operability with VPN
23
www.btbroadbandoffice.com
Offices worldwide
The services described in this publication are subject to availability
and may be modified from time to time. Services and equipment
are provided subject to British Telecommunications plc’s respective
standard conditions of contract. Nothing in this publication forms
any part of any contract.
PHME 50953
Item Code: 027049